head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2006.09.01.18.34.03;	author pav;	state Exp;
branches;
next	;


desc
@@


1.1
log
@The pam_abl provides auto blacklisting of hosts and users
responsible for repeated failed authentication attempts.

WWW: http://www.hexten.net/pam_abl/

PR:		ports/100635
Submitted by:	Petr Rehor <prehor@@gmail.com>
@
text
@--- conf/system-auth.orig	Wed Oct 12 21:22:27 2005
+++ conf/system-auth	Sat Jan 14 22:37:20 2006
@@@@ -1,15 +1,24 @@@@
-#%PAM-1.0
-auth        required      /lib/security/$ISA/pam_env.so
-auth        required      /lib/security/$ISA/pam_abl.so config=/etc/security/pam_abl.conf
-auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
-auth        required      /lib/security/$ISA/pam_deny.so
+#
+# System-wide defaults
+#
 
-account     required      /lib/security/$ISA/pam_unix.so
+# auth
+auth		required	%%PREFIX%%/lib/pam_abl.so config=%%ETCPREFIX%%/etc/pam_abl.conf
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass nullok
 
-password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
-password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
-password    required      /lib/security/$ISA/pam_deny.so
+# account
+#account 	required	pam_krb5.so
+account		required	pam_login_access.so
+account		required	pam_unix.so
 
-session     required      /lib/security/$ISA/pam_limits.so
-session     required      /lib/security/$ISA/pam_abl.so
-session     required      /lib/security/$ISA/pam_unix.so
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_lastlog.so		no_fail
+
+# password
+#password	sufficient	pam_krb5.so		no_warn try_first_pass
+password	required	pam_unix.so		no_warn try_first_pass
@
